package com.killer.auth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Spring Security核心配置文件
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 设置请求拦截配置
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
//        super.configure(web);TokenEndpoint
        //不需要拦截的路径
        web.ignoring().antMatchers("/auth/login", "/auth/logout","/test/**");
    }

    /**
     * 创建授权管理认证对象  使用spring security的认证管理器
     * 千万注意，这里的方法名很容易写错，写成authenticationManager，会死递归
     * @return
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .httpBasic() //启用Http基本身份验证
                .and()
                .formLogin()//启用表单身份验证
                .and()
                .authorizeRequests().anyRequest().authenticated();//其他请求都需要经过验证
    }
}
